cPanel & WHM Version 84 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
 

Encrypt email with s/mime certificate

John Carne shared this idea 11 months ago
Open Discussion

As a web hosting provider, I would like the ability for my clients to easily implement SMIME certificates from their cPanel-created email accounts both in webmail and external mail software so that they have the option of using SMIME encryption and their email looks more professional by displaying their digital signature.


------------------------------------------------------------------


Hi,

I find that s/Mime personal ID certificate are a great deal for security and professionalism when sending emails.

PGP exist in cPanel, but has never been operational as this is for super high security with no flexibility at all , and with end user needing key to read email.

We need professional and flexible encoding email content using s/Mime personal ID certificate to buy or get it free with Comodo. It should apply to all email domain accounts.

This solution is needed at cPanel server level to cover any email transactions done thourgh webmail/websites (like for PGP). Email client software level only is unsufficient, and complicated to setup.

Moreover, consideing GDPR, i wonder how this unsecurity with not encoded emails for 99.99% email transactions can last for 20 years...

Thanks

Comments (2)

photo
1

Yes. GDPR. Me and my small band of clients, who all have customers with whom they email, as well as with me. We are all discussing how to deal with the GDPR requirement to encrypt anything containing two or more identifiable personal details. Which is to say no one is yet doing it because GDPR is demanding we take responsibility where we do not have authority. We can offer SMIME/PGP PKI based email, but clients have to co-operate and the most vulnerable, "consumers" as well as businesses do not play ball. So we are supposed to send passworded files, and then deal with the complaints about wasting their time with lost passwords now and in the future. Passwords are the biggest single weakness of everything because there is an assumption we can all use different passwords when we cannot - unless we get "sophisticated" and use password managers etc, or better, digital certificates. And, try doing that using online accounts like hotmail, gmail etc (cpanel) . There is no solution that works for all, Google doesn't even allow SMIME (except if you pay a fortune for "enterprise" access), which places small business at risk by demanding we do what we cannot do without risking our business (time is money is survival). So we don't. Me? I'm using SMIME and digitally signing, giving my clients user access to my server so our exchanges are TLS encrypted, but if I was an IFA with say 300 clients it would not really be practical. Email was never designed to be secure; and over 180 days in the USA apparently it is considered "abandoned" and available to all authorities without due process. We (the small business world) can act quickly, but we cannot solve the planetary email security problem just because the elite in the EU are ignorant enough to think what they are insisting upon is reasonable or even practical for millions of small businesses who have enough trouble just making ends meet.

WE NEED ENCRYPTION STANDARDS.

And that's for the authorities (yes, pun intended as regards certificate authorities and government authorities) to create and implement, not us; we do not have the resources and abrogation of the responsibility by the EU will not make it happen.

anthony

photo
1

I use Comodo secure certificate for all my email addresses.

For the most part it works to a certain point.

The bad things about this is

1. Manually have to add it to Outlook and it is a pain to get it added.

2. The Encrypt function does not work in Outlook even though it keeps it at TLS.

3. There is a few others but they are minor things.


Be nice to able to do everything on a email address directly from the server Encrypt and Trust Sign.

The ability for the cPanel user to select this feature in the cPanel client side would be a great feature to have and make simple and easy to use regular users.